tsai
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #2769 from Budibase/fix/account-email-clash 

Prevent root account users being re-created as internal budibase users
pull/4023/head
Rory Powell 5 years ago
committed by GitHub
parent
4f8da83dae 4b30a4e7ef
commit
0fec07d157
2 changed files with 32 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      packages/auth/accounts.js
  2. 35
      packages/worker/src/api/controllers/global/users.js

1
packages/auth/accounts.js
View File

@ -0,0 +1 @@
module.exports = require("./src/cloud/accounts")

35
packages/worker/src/api/controllers/global/users.js
View File

@ -11,6 +11,7 @@ const { sendEmail } = require("../../../utilities/email")
const { user: userCache } = require("@budibase/auth/cache")
const { invalidateSessions } = require("@budibase/auth/sessions")
const CouchDB = require("../../../db")
const accounts = require("@budibase/auth/accounts")
const {
getGlobalDB,
getTenantId,
@ -49,10 +50,27 @@ async function saveUser(
// make sure another user isn't using the same email
let dbUser
if (email) {
// check budibase users inside the tenant
dbUser = await getGlobalUserByEmail(email)
if (dbUser != null && (dbUser._id !== _id || Array.isArray(dbUser))) {
throw "Email address already in use."
}
// check budibase users in other tenants
if (env.MULTI_TENANCY) {
dbUser = await getTenantUser(email)
if (dbUser != null) {
throw "Email address already in use."
}
}
// check root account users in account portal
if (!env.SELF_HOSTED) {
const account = await accounts.getAccount(email)
if (account) {
throw "Email address already in use."
}
}
} else {
dbUser = await db.get(_id)
}
@ -267,13 +285,22 @@ exports.find = async ctx => {
ctx.body = user
}
exports.tenantUserLookup = async ctx => {
const id = ctx.params.id
// lookup, could be email or userId, either will return a doc
// lookup, could be email or userId, either will return a doc
const getTenantUser = async identifier => {
const db = new CouchDB(PLATFORM_INFO_DB)
try {
ctx.body = await db.get(id)
return await db.get(identifier)
} catch (err) {
return null
}
}
exports.tenantUserLookup = async ctx => {
const id = ctx.params.id
const user = await getTenantUser(id)
if (user) {
ctx.body = user
} else {
ctx.throw(400, "No tenant user found.")
}
}

Write Preview
Loading…
Cancel
Save